Increased lengths for OAuth 2.0 fields

To ensure increased security for our mutual QuickBooks users, we are increasing the lengths of the authorization codes, access tokens, and refresh token fields. These field lengths have not previously been documented; we are now doing that and listing the maximum length your application needs to be able to support.

The new maximum lengths are listed below:

  • Authorization codes: 512 characters
  • Access tokens: 4096 characters
  • Refresh tokens: 512 characters

Applications will break if they are not able to store the whole authorization code, access token, or refresh token returned.  This could happen if you have hard coded the length of a field to something less than what is listed above.

Please review your code to ensure you have not hardcoded the length of these fields into your application code. If you have, please make the change to support the lengths listed above.

When is it happening?

You should ensure your application is able to support this update by June 1, 2020. The authorization code, access token, and refresh token lengths will not exceed the maximum lengths listed above.

Where can I learn more?

Review the OAuth 2.0 documentation on our Developer portal.

If you have any specific questions, reach out on our developer forums at developer.intuit.com/help.

Thank you,

Intuit Developer






2 responses to “Increased lengths for OAuth 2.0 fields”

  1.  Avatar

    How to test our application before June 1st 2020 ? Thanks

  2. Ashay Satav Avatar
    Ashay Satav

    Hi Folks,

    We would like to be able to test our changes are good before this goes live. Do you know when you will be making test data available in the sandbox so we can please?


Leave a Reply

Your email address will not be published. Required fields are marked *